package org.eclipse.jetty.util.q0;

import j$.util.List;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.f0;
import org.eclipse.jetty.util.security.Password;

/* loaded from: classes2.dex */
public class f extends org.eclipse.jetty.util.n0.b implements org.eclipse.jetty.util.n0.g {
    // Trust managers holding one instance of nested class `a`, whose check methods are empty, so
    // every peer certificate chain passes. t2() installs this array only when p2() is true and
    // no key store, trust store or preset SSLContext is configured.
    public static final TrustManager[] e0 = {new a()};
    // Logger-like objects used with "{}" message templates; g0 is the "config" child of f0
    // (both assigned in the static initializer).
    private static final org.eclipse.jetty.util.o0.c f0;
    private static final org.eclipse.jetty.util.o0.c g0;
    // Default KeyManagerFactory / TrustManagerFactory algorithm names (static initializer).
    public static final String h0;
    public static final String i0;
    // Default excluded protocol names (j0) and excluded cipher-suite regexes (k0); the
    // constructor passes them to G2 and F2.
    private static final String[] j0;
    private static final String[] k0;
    // Password objects: Y1() uses A and falls back to z; w2() uses B and falls back to z when
    // the trust store is loaded from the key store resource.
    private Password A;
    private Password B;
    // Provider (C) and protocol (D, default "TLS") passed to SSLContext.getInstance in t2().
    private String C;
    private String D;
    // SecureRandom algorithm name; null leaves the choice to SSLContext.init.
    private String E;
    // KeyManagerFactory (F) and TrustManagerFactory (N) algorithm names.
    private String F;
    private String N;
    // Flags read by r2() and s2(). No write to either appears in this class, so as decompiled
    // they stay false: the per-certificate validator in t2() and the PKIX parameters built by
    // x2() (revocation enabled, CRLs attached) are not used.
    private boolean O;
    private boolean P;
    // Maximum certification path length handed to PKIXBuilderParameters and the validator.
    private int Q;
    // Argument for u2(), which loads the CRL collection.
    private String R;
    // S turns on the com.sun.security.enableCRLDP system property, T turns on ocsp.enable,
    // U is the optional ocsp.responderURL value (see x2()).
    private boolean S;
    private boolean T;
    private String U;
    // Pre-built key store (V) and trust store (W); t2() loads from q / u only when these are null.
    private KeyStore V;
    private KeyStore W;
    // Server session cache size (X) and session timeout (Y); -1 means "leave unchanged".
    private int X;
    private int Y;
    // Preset SSLContext; when non-null t2() uses it instead of building one.
    private SSLContext Z;
    // Endpoint identification algorithm given to SSLParameters in N1(). Default "HTTPS";
    // I2(true) sets it to null.
    private String a0;
    // Trust-all flag (printed as "trustAll=" by m1()).
    private boolean b0;
    // Holder of the SSLContext selected by t2(); cleared by J2().
    private c c0;
    // Optional extra checker added to the PKIX parameters in x2().
    private PKIXCertPathChecker d0;
    // f: excluded protocols, g: included protocols, h: excluded cipher regexes,
    // i: included cipher regexes.
    private final Set<String> f;
    private final Set<String> g;
    private final Set<String> h;
    private final List<String> i;
    // Certificate entries filled by t2(): j is keyed by key store alias, k and l by the names
    // returned from h.c() and h.d() (matches() treats l as the fallback for parent domains).
    private final Map<String, h> j;
    private final Map<String, h> k;
    private final Map<String, h> l;
    // Protocols selected by D2().
    private String[] m;
    // Value passed to SSLParameters.setUseCipherSuitesOrder; defaults to true.
    private boolean n;
    // Optional comparator used by C2() to order the selected cipher suites.
    private Comparator<String> o;
    // Cipher suites selected by C2().
    private String[] p;
    // Key store resource (set by H2()).
    private org.eclipse.jetty.util.p0.f q;
    // r and s are passed to the key store loader in v2(); s defaults to "JKS".
    private String r;
    private String s;
    // Value returned by P1(); Y1() wraps key managers with it when non-null.
    private String t;
    // Trust store resource; when null, w2() falls back to the key store resource q.
    private org.eclipse.jetty.util.p0.f u;
    // Trust-store overrides for r and s (see w2()).
    private String v;
    private String w;
    // x -> setNeedClientAuth(true), y -> setWantClientAuth(true) in N1(); both default to false.
    private boolean x;
    private boolean y;
    private Password z;

    /* loaded from: classes2.dex */
    /**
     * Trust manager that performs no validation.
     *
     * <p>Both check methods return without looking at the chain or the auth type, so any
     * certificate chain is accepted: expired, self-signed or issued by an unknown CA.
     * The only use visible in this file is the {@code e0} array, which {@code t2()} installs
     * when {@code p2()} is true and no key store or trust store is configured. A context
     * built that way encrypts traffic but does not authenticate the peer.
     */
    class a implements X509TrustManager {
        a() {
        }

        /** Accepts every client chain; never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            // intentionally empty: no validation is performed
        }

        /** Accepts every server chain; never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            // intentionally empty: no validation is performed
        }

        /** Returns an empty issuer list. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[] {};
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    /**
     * SNI matcher that records which certificate entry belongs to the requested host name.
     *
     * <p>{@link #matches} returns {@code true} on every path, so an unknown or non-host-name
     * SNI value is not rejected here. The lookup result is only stored and exposed through
     * {@link #a()} and {@link #b()}.
     */
    public class b extends SNIMatcher {

        /* renamed from: a, reason: collision with root package name */
        /** ASCII host name from the last SNIHostName passed to matches(). */
        private String f12584a;

        /* renamed from: b, reason: collision with root package name */
        /** Entry found for that host name, or null when no map has one. */
        private h f12585b;

        b() {
            // 0 is the host_name SNI type (StandardConstants.SNI_HOST_NAME)
            super(0);
        }

        /** Returns the host name recorded by the last matches() call. */
        public String a() {
            return f12584a;
        }

        /** Returns the entry selected by the last matches() call, possibly null. */
        public h b() {
            return f12585b;
        }

        /**
         * Looks up the requested host name in the outer maps {@code k}, then {@code l}, then
         * {@code l} again with the first label removed.
         *
         * @return always {@code true}
         */
        @Override // javax.net.ssl.SNIMatcher
        public boolean matches(SNIServerName sNIServerName) {
            if (f.f0.b()) {
                f.f0.g("SNI matching for {}", sNIServerName);
            }
            if (!(sNIServerName instanceof SNIHostName)) {
                if (f.f0.b()) {
                    f.f0.g("SNI no match for {}", sNIServerName);
                }
                return true;
            }
            String requested = ((SNIHostName) sNIServerName).getAsciiName();
            this.f12584a = requested;
            // NOTE(review): this unqualified f0 is the helper call from the original line, not
            // the f.f0 logger used above; presumably it normalises the name - confirm.
            String host = f0.b(requested);
            h entry = f.this.k.get(host);
            if (entry == null) {
                entry = f.this.l.get(host);
            }
            if (entry == null) {
                // retry with the first label stripped ("a.example.org" -> "example.org")
                int dot = host.indexOf('.');
                if (dot >= 0) {
                    entry = f.this.l.get(host.substring(dot + 1));
                }
            }
            this.f12585b = entry;
            if (f.f0.b()) {
                f.f0.g("SNI matched {}->{}", host, entry);
            }
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    /**
     * Holder for the SSLContext chosen by {@code t2()}.
     *
     * <p>The constructor also receives the outer instance and the two key stores, but only
     * the context is stored.
     */
    public class c {

        /* renamed from: a, reason: collision with root package name */
        /** The active SSLContext. */
        private final SSLContext f12587a;

        c(f fVar, KeyStore keyStore, KeyStore keyStore2, SSLContext sSLContext) {
            f12587a = sSLContext;
        }
    }

    // Static defaults: loggers, factory algorithm names, and the protocol / cipher exclusions
    // that the constructor applies to every new instance.
    static {
        org.eclipse.jetty.util.o0.c root = org.eclipse.jetty.util.o0.b.a(f.class);
        f0 = root;
        g0 = root.a("config");
        // A security property, when set, wins over the factory's built-in default algorithm.
        if (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null) {
            h0 = KeyManagerFactory.getDefaultAlgorithm();
        } else {
            h0 = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        }
        if (Security.getProperty("ssl.TrustManagerFactory.algorithm") == null) {
            i0 = TrustManagerFactory.getDefaultAlgorithm();
        } else {
            i0 = Security.getProperty("ssl.TrustManagerFactory.algorithm");
        }
        // Protocol names excluded by default.
        j0 = new String[] {"SSL", "SSLv2", "SSLv2Hello", "SSLv3"};
        // Cipher suites excluded by default: names ending in MD5/SHA/SHA1, TLS_RSA_*, SSL_*,
        // and any NULL or anon suite.
        k0 = new String[] {"^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$", "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$"};
    }

    /** Creates a factory with trust-all disabled and no key store path. */
    public f() {
        this(false);
    }

    /**
     * Creates a factory without a key store path.
     *
     * @param z trust-all flag, forwarded to {@code I2}; {@code true} also clears the
     *     endpoint identification algorithm
     */
    public f(boolean z) {
        this(z, null);
    }

    /**
     * Sets every default and applies the built-in protocol and cipher exclusions.
     *
     * @param z trust-all flag, applied through {@code I2}
     * @param str key store location passed to {@code H2}, or null for none
     */
    private f(boolean z, String str) {
        // collections for exclusions (f, h), inclusions (g, i) and certificate lookups (j, k, l)
        this.f = new LinkedHashSet<>();
        this.g = new LinkedHashSet<>();
        this.h = new LinkedHashSet<>();
        this.i = new ArrayList<>();
        this.j = new HashMap<>();
        this.k = new HashMap<>();
        this.l = new HashMap<>();

        // scalar defaults
        this.n = true;
        this.s = "JKS";
        this.x = false;
        this.y = false;
        this.D = "TLS";
        this.F = h0;
        this.N = i0;
        this.Q = -1;
        this.S = false;
        this.T = false;
        this.X = -1;
        this.Y = -1;
        // host name verification is on by default; I2(true) below switches it off
        this.a0 = "HTTPS";

        I2(z);
        G2(j0);
        F2(k0);
        if (str == null) {
            return;
        }
        H2(str);
    }

    /** Drops the state built by {@code t2()}: certificate maps, selections and the context holder. */
    private void J2() {
        this.j.clear();
        this.k.clear();
        this.l.clear();
        this.p = null;
        this.m = null;
        this.c0 = null;
    }

    /**
     * Fails unless {@code i1()} reports true.
     *
     * @throws IllegalStateException with the message {@code "!STARTED: " + this}
     */
    private void M1() {
        if (!i1()) {
            throw new IllegalStateException("!STARTED: " + this);
        }
    }

    /**
     * Selects or builds the SSLContext, then derives session settings, cipher suites and
     * protocols from it and stores the result in {@code c0}.
     *
     * <p>Three paths exist:
     * <ul>
     *   <li>a preset context {@code Z} is used unchanged;</li>
     *   <li>with no key store, trust store or resource configured, a context without key
     *       managers is created; if {@code p2()} is true it gets the accept-everything trust
     *       managers {@code e0}, otherwise {@code null} trust managers are passed, which makes
     *       JSSE fall back to the installed default trust manager;</li>
     *   <li>otherwise the stores are loaded, certificate entries are indexed for SNI and the
     *       context is initialised with real key and trust managers.</li>
     * </ul>
     */
    private void t2() {
        SSLContext sSLContext;
        TrustManager[] trustManagerArr;
        SSLContext sSLContext2 = this.Z;
        KeyStore keyStore = this.V;
        KeyStore keyStore2 = this.W;
        if (sSLContext2 == null) {
            if (keyStore == null && this.q == null && keyStore2 == null && this.u == null) {
                if (p2()) {
                    org.eclipse.jetty.util.o0.c cVar = f0;
                    // NOTE(review): the message is emitted only inside the cVar.b() guard,
                    // presumably a debug-enabled check, so it may not appear at normal log
                    // levels - confirm. B2() logs the trust-all state separately through g0.
                    if (cVar.b()) {
                        cVar.g("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!", new Object[0]);
                    }
                    // peer certificates are not validated on this path
                    trustManagerArr = e0;
                } else {
                    trustManagerArr = null;
                }
                String e2 = e2();
                SecureRandom secureRandom = e2 == null ? null : SecureRandom.getInstance(e2);
                String str = this.C;
                sSLContext = str == null ? SSLContext.getInstance(this.D) : SSLContext.getInstance(this.D, str);
                sSLContext.init(null, trustManagerArr, secureRandom);
            } else {
                if (keyStore == null) {
                    keyStore = v2(this.q);
                }
                if (keyStore2 == null) {
                    // w2() falls back to the key store resource when this.u is null
                    keyStore2 = w2(this.u);
                }
                Collection<? extends CRL> u2 = u2(R1());
                if (keyStore != null) {
                    Iterator it = Collections.list(keyStore.aliases()).iterator();
                    while (it.hasNext()) {
                        String str2 = (String) it.next();
                        Certificate certificate = keyStore.getCertificate(str2);
                        if (certificate != null && "X.509".equals(certificate.getType())) {
                            X509Certificate x509Certificate = (X509Certificate) certificate;
                            // h.e(...) decides which certificates are skipped; its criterion
                            // is not visible in this file
                            if (h.e(x509Certificate)) {
                                org.eclipse.jetty.util.o0.c cVar2 = f0;
                                if (cVar2.b()) {
                                    cVar2.g("Skipping " + x509Certificate, new Object[0]);
                                }
                            } else {
                                h hVar = new h(str2, x509Certificate);
                                this.j.put(str2, hVar);
                                // optional start-up check of each key store certificate against
                                // the trust store and CRLs; runs only when r2() is true
                                if (r2()) {
                                    org.eclipse.jetty.util.security.b bVar = new org.eclipse.jetty.util.security.b(keyStore2, u2);
                                    bVar.c(b2());
                                    bVar.a(n2());
                                    bVar.b(o2());
                                    bVar.d(d2());
                                    bVar.e(keyStore, x509Certificate);
                                }
                                f0.k("x509={} for {}", hVar, this);
                                // index the entry under every name from h.c() and h.d(); these
                                // maps drive the SNI lookup in b.matches()
                                Iterator<String> it2 = hVar.c().iterator();
                                while (it2.hasNext()) {
                                    this.k.put(it2.next(), hVar);
                                }
                                Iterator<String> it3 = hVar.d().iterator();
                                while (it3.hasNext()) {
                                    this.l.put(it3.next(), hVar);
                                }
                            }
                        }
                    }
                }
                KeyManager[] Y1 = Y1(keyStore);
                TrustManager[] j2 = j2(keyStore2, u2);
                String str3 = this.E;
                SecureRandom secureRandom2 = str3 != null ? SecureRandom.getInstance(str3) : null;
                String str4 = this.C;
                sSLContext = str4 == null ? SSLContext.getInstance(this.D) : SSLContext.getInstance(this.D, str4);
                sSLContext.init(Y1, j2, secureRandom2);
            }
            sSLContext2 = sSLContext;
        }
        // session cache size and timeout are applied only when set to a value above -1
        SSLSessionContext serverSessionContext = sSLContext2.getServerSessionContext();
        if (serverSessionContext != null) {
            if (g2() > -1) {
                serverSessionContext.setSessionCacheSize(g2());
            }
            if (h2() > -1) {
                serverSessionContext.setSessionTimeout(h2());
            }
        }
        // apply the include / exclude lists to what the context enables and supports
        SSLParameters defaultSSLParameters = sSLContext2.getDefaultSSLParameters();
        SSLParameters supportedSSLParameters = sSLContext2.getSupportedSSLParameters();
        C2(defaultSSLParameters.getCipherSuites(), supportedSSLParameters.getCipherSuites());
        D2(defaultSSLParameters.getProtocols(), supportedSSLParameters.getProtocols());
        this.c0 = new c(this, keyStore, keyStore2, sSLContext2);
        org.eclipse.jetty.util.o0.c cVar3 = f0;
        if (cVar3.b()) {
            cVar3.g("Selected Protocols {} of {}", Arrays.asList(this.m), Arrays.asList(supportedSSLParameters.getProtocols()));
            cVar3.g("Selected Ciphers   {} of {}", Arrays.asList(this.p), Arrays.asList(supportedSSLParameters.getCipherSuites()));
        }
    }

    /**
     * Removes from {@code list} every cipher suite name that fully matches one of the
     * excluded regexes in {@code h}.
     *
     * @param list mutable list of cipher suite names, edited in place
     */
    protected void A2(List<String> list) {
        for (String regex : this.h) {
            Pattern excluded = Pattern.compile(regex);
            for (Iterator<String> names = list.iterator(); names.hasNext(); ) {
                String name = names.next();
                if (excluded.matcher(name).matches()) {
                    names.remove();
                }
            }
        }
    }

    /** Synthetic bridge: delegates to the static helper {@code n0.f.a(this)}. */
    @Override // org.eclipse.jetty.util.n0.g
    public /* synthetic */ String B0() {
        return org.eclipse.jetty.util.n0.f.a(this);
    }

    /**
     * Logs weak spots in the effective configuration through {@code g0}. Nothing is changed.
     *
     * <p>Reported conditions: trust-all enabled, no endpoint identification algorithm, an
     * enabled protocol that is in the default exclusion list {@code j0}, and an enabled cipher
     * suite that matches a default exclusion regex in {@code k0}. The check uses a throwaway
     * engine customised by {@code O1}, so it sees the settings real engines receive.
     */
    protected void B2() {
        if (p2()) {
            g0.d("Trusting all certificates configured for {}", this);
        }
        if (S1() == null) {
            g0.d("No Client EndPointIdentificationAlgorithm configured for {}", this);
        }
        SSLEngine probe = this.c0.f12587a.createSSLEngine();
        O1(probe);
        SSLParameters effective = probe.getSSLParameters();
        for (String enabledProtocol : effective.getProtocols()) {
            for (String weakProtocol : j0) {
                if (weakProtocol.equals(enabledProtocol)) {
                    g0.d("Protocol {} not excluded for {}", enabledProtocol, this);
                }
            }
        }
        for (String enabledCipher : effective.getCipherSuites()) {
            for (String weakCipherRegex : k0) {
                if (enabledCipher.matches(weakCipherRegex)) {
                    g0.d("Weak cipher suite {} enabled for {}", enabledCipher, this);
                }
            }
        }
    }

    /**
     * Computes the cipher suites to enable and stores them in {@code p}.
     *
     * <p>With no include patterns the enabled defaults are the starting set; otherwise the
     * supported suites matching the include patterns are. Excluded patterns are removed
     * afterwards, so an exclusion always wins over an inclusion.
     *
     * @param strArr cipher suites enabled by default
     * @param strArr2 cipher suites the context supports
     */
    protected void C2(String[] strArr, String[] strArr2) {
        ArrayList<String> chosen = new ArrayList<>();
        if (!this.i.isEmpty()) {
            z2(strArr2, chosen);
        } else {
            chosen.addAll(Arrays.asList(strArr));
        }
        A2(chosen);
        if (chosen.isEmpty()) {
            f0.d("No supported ciphers from {}", Arrays.asList(strArr2));
        }
        Comparator<String> order = Q1();
        if (order != null) {
            if (f0.b()) {
                f0.g("Sorting selected ciphers with {}", order);
            }
            List.EL.sort(chosen, order);
        }
        this.p = chosen.toArray(new String[0]);
    }

    /**
     * Computes the protocols to enable and stores them in {@code m}.
     *
     * <p>With no include list the enabled defaults are the starting set; otherwise each included
     * protocol is kept only if the context supports it. Excluded protocols ({@code f}) are
     * removed last, so an exclusion always wins.
     *
     * @param strArr protocols enabled by default
     * @param strArr2 protocols the context supports
     */
    public void D2(String[] strArr, String[] strArr2) {
        Set<String> chosen = new LinkedHashSet<>();
        if (this.g.isEmpty()) {
            chosen.addAll(Arrays.asList(strArr));
        } else {
            for (String wanted : this.g) {
                if (!Arrays.asList(strArr2).contains(wanted)) {
                    f0.k("Protocol {} not supported in {}", wanted, Arrays.asList(strArr2));
                    continue;
                }
                chosen.add(wanted);
            }
        }
        chosen.removeAll(this.f);
        if (chosen.isEmpty()) {
            f0.d("No selected protocols from {}", Arrays.asList(strArr2));
        }
        this.m = chosen.toArray(new String[0]);
    }

    /**
     * Sets the endpoint identification algorithm that {@code N1} applies to SSLParameters.
     *
     * @param str algorithm name; {@code null} means the engine does no host name verification
     */
    public void E2(String str) {
        a0 = str;
    }

    /**
     * Replaces the excluded cipher-suite regexes. The defaults from {@code k0} are discarded
     * unless the caller passes them again.
     *
     * @param strArr regexes matched against whole cipher suite names
     */
    public void F2(String... strArr) {
        this.h.clear();
        Collections.addAll(this.h, strArr);
    }

    /**
     * Replaces the excluded protocol names. The defaults from {@code j0} are discarded
     * unless the caller passes them again.
     *
     * @param strArr protocol names to exclude
     */
    public void G2(String... strArr) {
        this.f.clear();
        Collections.addAll(this.f, strArr);
    }

    /**
     * Resolves {@code str} through {@code p0.f.x} and stores the result as the key store
     * resource {@code q}.
     *
     * @throws IllegalArgumentException wrapping any exception raised while resolving
     */
    public void H2(String str) {
        try {
            this.q = org.eclipse.jetty.util.p0.f.x(str);
        } catch (Exception cause) {
            throw new IllegalArgumentException(cause);
        }
    }

    /**
     * Sets the trust-all flag.
     *
     * <p>Passing {@code true} also clears the endpoint identification algorithm, so host
     * name verification is switched off together with chain validation. Passing
     * {@code false} later does not restore it; call {@code E2} explicitly.
     *
     * @param z new value of the trust-all flag
     */
    public void I2(boolean z) {
        this.b0 = z;
        if (!z) {
            return;
        }
        E2(null);
    }

    /**
     * Applies this factory's settings to {@code sSLParameters} and returns the same object.
     *
     * <p>Applied in order: endpoint identification algorithm (a {@code null} value leaves
     * host name verification off), cipher-suite order preference, an SNI matcher when any
     * certificate names are indexed, the selected cipher suites and protocols, and the
     * client-auth flags.
     *
     * @param sSLParameters parameters to modify in place
     * @return the object passed in
     */
    public SSLParameters N1(SSLParameters sSLParameters) {
        sSLParameters.setEndpointIdentificationAlgorithm(S1());
        sSLParameters.setUseCipherSuitesOrder(q2());
        boolean noIndexedNames = this.k.isEmpty() && this.l.isEmpty();
        if (!noIndexedNames) {
            sSLParameters.setSNIMatchers(Collections.singletonList(new b()));
        }
        String[] ciphers = this.p;
        if (ciphers != null) {
            sSLParameters.setCipherSuites(ciphers);
        }
        String[] protocols = this.m;
        if (protocols != null) {
            sSLParameters.setProtocols(protocols);
        }
        // "want" is applied before "need", matching the original order
        if (m2()) {
            sSLParameters.setWantClientAuth(true);
        }
        if (c2()) {
            sSLParameters.setNeedClientAuth(true);
        }
        return sSLParameters;
    }

    /**
     * Reads the engine's SSLParameters, runs them through {@code N1} and writes them back.
     *
     * @param sSLEngine engine to customise
     */
    public void O1(SSLEngine sSLEngine) {
        if (f0.b()) {
            f0.g("Customize {}", sSLEngine);
        }
        SSLParameters current = sSLEngine.getSSLParameters();
        N1(current);
        sSLEngine.setSSLParameters(current);
    }

    /** Returns field {@code t}; when non-null, {@code Y1} wraps each key manager with it. */
    public String P1() {
        return t;
    }

    /** Returns the comparator {@code C2} uses to order cipher suites, or null for none. */
    public Comparator<String> Q1() {
        return o;
    }

    /** Returns the value {@code t2} passes to {@code u2} to load the CRL collection. */
    public String R1() {
        return R;
    }

    /**
     * Returns the endpoint identification algorithm applied by {@code N1}; {@code null}
     * means no host name verification.
     */
    public String S1() {
        return a0;
    }

    /** Returns a copy of the excluded cipher-suite regexes. */
    public String[] T1() {
        return this.h.toArray(new String[0]);
    }

    /** Returns a copy of the excluded protocol names. */
    public String[] U1() {
        return this.f.toArray(new String[0]);
    }

    /** Returns a copy of the included cipher-suite regexes. */
    public String[] V1() {
        return this.i.toArray(new String[0]);
    }

    /** Returns a copy of the included protocol names. */
    public String[] W1() {
        return this.g.toArray(new String[0]);
    }

    /** Returns the KeyManagerFactory algorithm name used by {@code Y1}. */
    public String X1() {
        return F;
    }

    /**
     * Builds the key managers for {@code keyStore}.
     *
     * <p>The factory is initialised with password {@code A}, or {@code z} when {@code A} is
     * null. The password is turned into a {@code String} and then a {@code char[]}; neither
     * copy is cleared afterwards. X509ExtendedKeyManager instances are then wrapped, first
     * by {@code d} when {@code P1()} is non-null, then by {@code e} when more than one
     * certificate could be selected.
     *
     * @param keyStore key store to read, or null
     * @return the key managers, or null when {@code keyStore} is null or the factory returns none
     */
    protected KeyManager[] Y1(KeyStore keyStore) {
        KeyManager[] managers = null;
        if (keyStore != null) {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(X1());
            Password secret = this.A != null ? this.A : this.z;
            char[] secretChars = secret == null ? null : secret.toString().toCharArray();
            factory.init(keyStore, secretChars);
            managers = factory.getKeyManagers();
            if (managers != null) {
                String preferred = P1();
                if (preferred != null) {
                    for (int idx = 0; idx < managers.length; idx++) {
                        if (managers[idx] instanceof X509ExtendedKeyManager) {
                            managers[idx] = new d((X509ExtendedKeyManager) managers[idx], preferred);
                        }
                    }
                }
                boolean severalCandidates = !this.l.isEmpty()
                        || this.k.size() > 1
                        || (this.k.size() == 1 && this.j.size() > 1);
                if (severalCandidates) {
                    for (int idx = 0; idx < managers.length; idx++) {
                        if (managers[idx] instanceof X509ExtendedKeyManager) {
                            managers[idx] = new e((X509ExtendedKeyManager) managers[idx]);
                        }
                    }
                }
            }
        }
        if (f0.b()) {
            f0.g("managers={} for {}", managers, this);
        }
        return managers;
    }

    /** Returns field {@code r}, the third argument to the key store loader in {@code v2}. */
    public String Z1() {
        return r;
    }

    /**
     * Returns field {@code s} (default {@code "JKS"}), the second argument to the key store
     * loader in {@code v2}.
     */
    public String a2() {
        return s;
    }

    /** Returns the maximum certification path length (default -1). */
    public int b2() {
        return Q;
    }

    /** Returns whether {@code N1} calls {@code setNeedClientAuth(true)}. */
    public boolean c2() {
        return x;
    }

    /** Returns the OCSP responder URL that {@code x2} writes to {@code ocsp.responderURL}, or null. */
    public String d2() {
        return U;
    }

    /** Returns the SecureRandom algorithm name, or null to let SSLContext.init choose. */
    public String e2() {
        return E;
    }

    /**
     * Returns the active SSLContext.
     *
     * @return the context held in {@code c0} when {@code i1()} is true (read under the
     *     instance lock), otherwise the preset context {@code Z}, which may be null
     */
    public SSLContext f2() {
        if (i1()) {
            synchronized (this) {
                return this.c0.f12587a;
            }
        }
        return this.Z;
    }

    /** Returns the session cache size; {@code t2} applies it only when above -1. */
    public int g2() {
        return X;
    }

    /** Returns the session timeout; {@code t2} applies it only when above -1. */
    public int h2() {
        return Y;
    }

    /** Returns the TrustManagerFactory algorithm name used by {@code j2}. */
    public String i2() {
        return N;
    }

    /**
     * Builds the trust managers for {@code keyStore}.
     *
     * <p>Only when {@code s2()} is true and the algorithm is PKIX are the parameters from
     * {@code x2} used (revocation enabled, CRLs attached). On the other path the factory is
     * initialised with the key store alone and {@code collection} is not consulted.
     *
     * @param keyStore trust store, or null
     * @param collection CRLs handed to {@code x2} on the PKIX path
     * @return the trust managers, or null when {@code keyStore} is null
     */
    protected TrustManager[] j2(KeyStore keyStore, Collection<? extends CRL> collection) {
        if (keyStore == null) {
            return null;
        }
        boolean pkixWithRevocation = s2() && "PKIX".equalsIgnoreCase(i2());
        // build the parameters before the factory, as the original does
        PKIXBuilderParameters pkix = pkixWithRevocation ? x2(keyStore, collection) : null;
        TrustManagerFactory factory = TrustManagerFactory.getInstance(this.N);
        if (pkixWithRevocation) {
            factory.init(new CertPathTrustManagerParameters(pkix));
        } else {
            factory.init(keyStore);
        }
        return factory.getTrustManagers();
    }

    /** Returns field {@code v}; in {@code w2} it takes precedence over {@code Z1()}. */
    public String k2() {
        return v;
    }

    /** Returns field {@code w}; in {@code w2} it takes precedence over {@code a2()}. */
    public String l2() {
        return w;
    }

    /**
     * Writes a diagnostic dump: the trust-all flag plus protocol and cipher-suite tables.
     *
     * <p>The supported and enabled lists come from an engine of {@code SSLContext.getDefault()},
     * not from the context this factory built, so they describe the JVM default.
     */
    @Override // org.eclipse.jetty.util.n0.g
    public void m1(Appendable appendable, String str) {
        try {
            SSLEngine defaultEngine = SSLContext.getDefault().createSSLEngine();
            String trustAllLabel = "trustAll=" + this.b0;
            g protocolTable = new g("Protocol", defaultEngine.getSupportedProtocols(), defaultEngine.getEnabledProtocols(), U1(), W1());
            g cipherTable = new g("Cipher Suite", defaultEngine.getSupportedCipherSuites(), defaultEngine.getEnabledCipherSuites(), T1(), V1());
            org.eclipse.jetty.util.n0.f.c(appendable, str, this, trustAllLabel, protocolTable, cipherTable);
        } catch (NoSuchAlgorithmException noDefaultContext) {
            f0.f(noDefaultContext);
        }
    }

    /** Returns whether {@code N1} calls {@code setWantClientAuth(true)}. */
    public boolean m2() {
        return y;
    }

    /** Returns the flag that makes {@code x2} set {@code com.sun.security.enableCRLDP}. */
    public boolean n2() {
        return S;
    }

    /** Returns the flag that makes {@code x2} set {@code ocsp.enable}. */
    public boolean o2() {
        return T;
    }

    /**
     * Returns the trust-all flag. When true and no store is configured, {@code t2} installs
     * trust managers that accept any certificate chain.
     */
    public boolean p2() {
        return b0;
    }

    /** Returns the value {@code N1} passes to {@code setUseCipherSuitesOrder} (default true). */
    public boolean q2() {
        return n;
    }

    /** Returns whether {@code t2} runs the start-up validator on each key store certificate. */
    public boolean r2() {
        return O;
    }

    /** Returns whether {@code j2} may use the PKIX parameters from {@code x2}. */
    public boolean s2() {
        return P;
    }

    /** Describes the instance by class name, hash code, provider and store resources; no passwords. */
    @Override // org.eclipse.jetty.util.n0.b
    public String toString() {
        String simpleName = f.class.getSimpleName();
        return String.format("%s@%x[provider=%s,keyStore=%s,trustStore=%s]", simpleName, hashCode(), this.C, this.q, this.u);
    }

    /**
     * Loads CRLs by delegating to {@code security.a.b}.
     *
     * @param str value from {@code R1()}; how it is interpreted is up to the helper
     */
    protected Collection<? extends CRL> u2(String str) {
        Collection<? extends CRL> loaded = org.eclipse.jetty.util.security.a.b(str);
        return loaded;
    }

    /**
     * Loads the key store from {@code fVar} through {@code security.a.a}.
     *
     * <p>The password {@code z} is passed as a {@code String}, or null when unset.
     */
    protected KeyStore v2(org.eclipse.jetty.util.p0.f fVar) {
        String second = a2();
        String third = Z1();
        String secret = Objects.toString(this.z, null);
        return org.eclipse.jetty.util.security.a.a(fVar, second, third, secret);
    }

    /**
     * Loads the trust store.
     *
     * <p>When {@code fVar} is null or equals the key store resource {@code q}, the key store
     * resource is used as the trust store, and password {@code z} is used when {@code B} is
     * unset. The trust-store overrides {@code l2()} and {@code k2()} win over {@code a2()}
     * and {@code Z1()}.
     *
     * @param fVar trust store resource, or null
     */
    protected KeyStore w2(org.eclipse.jetty.util.p0.f fVar) {
        String second = Objects.toString(l2(), a2());
        String third = Objects.toString(k2(), Z1());
        org.eclipse.jetty.util.p0.f resource = fVar;
        Password secret = this.B;
        boolean sameAsKeyStore = resource == null || resource.equals(this.q);
        if (sameAsKeyStore) {
            resource = this.q;
            if (secret == null) {
                secret = this.z;
            }
        }
        return org.eclipse.jetty.util.security.a.a(resource, second, third, Objects.toString(secret, null));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Start hook: runs the superclass hook, builds the SSL state under the instance lock,
     * then logs configuration warnings through {@code B2}.
     */
    @Override // org.eclipse.jetty.util.n0.b
    public void x1() {
        super.x1();
        synchronized (this) {
            // builds c0, the certificate maps and the protocol / cipher selections
            t2();
        }
        // warnings are logged outside the lock
        B2();
    }

    /**
     * Builds PKIX parameters with revocation checking enabled.
     *
     * <p>Side effects reach beyond this instance: {@code com.sun.security.enableCRLDP} is a
     * JVM system property and {@code ocsp.enable} / {@code ocsp.responderURL} are JVM security
     * properties. Once set they affect other PKIX validation in the process, and this method
     * never resets them.
     *
     * @param keyStore trust anchors
     * @param collection CRLs to attach as a cert store; ignored when null or empty
     */
    protected PKIXBuilderParameters x2(KeyStore keyStore, Collection<? extends CRL> collection) {
        PKIXBuilderParameters params = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        params.setMaxPathLength(this.Q);
        params.setRevocationEnabled(true);
        PKIXCertPathChecker extraChecker = this.d0;
        if (extraChecker != null) {
            params.addCertPathChecker(extraChecker);
        }
        boolean hasCrls = collection != null && !collection.isEmpty();
        if (hasCrls) {
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection)));
        }
        if (this.S) {
            // JVM-wide switch
            System.setProperty("com.sun.security.enableCRLDP", "true");
        }
        if (this.T) {
            // JVM-wide switches
            Security.setProperty("ocsp.enable", "true");
            String responder = this.U;
            if (responder != null) {
                Security.setProperty("ocsp.responderURL", responder);
            }
        }
        return params;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Stop hook: clears the SSL state under the instance lock, then runs the superclass hook. */
    @Override // org.eclipse.jetty.util.n0.b
    public void y1() {
        synchronized (this) {
            // drops c0, the certificate maps and the protocol / cipher selections
            J2();
        }
        super.y1();
    }

    /**
     * Creates an engine from the active context and customises it with {@code O1}.
     *
     * @throws IllegalStateException from {@code M1} when {@code i1()} is false
     */
    public SSLEngine y2() {
        M1();
        SSLEngine engine = f2().createSSLEngine();
        O1(engine);
        return engine;
    }

    /**
     * Appends to {@code list} every supported cipher suite that fully matches an include
     * regex in {@code i}, in include-pattern order. A pattern that matches nothing is logged.
     *
     * @param strArr supported cipher suite names
     * @param list output list, appended to in place
     */
    protected void z2(String[] strArr, java.util.List<String> list) {
        for (String regex : this.i) {
            Pattern included = Pattern.compile(regex);
            boolean matchedAny = false;
            for (String candidate : strArr) {
                if (!included.matcher(candidate).matches()) {
                    continue;
                }
                list.add(candidate);
                matchedAny = true;
            }
            if (!matchedAny) {
                f0.k("No Cipher matching '{}' is supported", regex);
            }
        }
    }
}
